From 529c79dcfb0dc20c123865d1caf1142b085080d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 15 Feb 2017 15:05:35 +0100
Subject: [PATCH] Fix parsing wmfrog arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A command like "wmfrog -s KSEA -o 7 -tmp /home/stela010/tmp/wmfrog"
crashed because the -tmp argument was bigger than a static buffer used
for storing the argument value. There were similar issues with other
argument values.
This patch fixes it. It also fixes the fact that -tmp argument was
always ignored and user's home directory was used instead.
<https://bugzilla.redhat.com/show_bug.cgi?id=1422319>
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Src/wmFrog.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 54 insertions(+), 12 deletions(-)
diff --git a/Src/wmFrog.c b/Src/wmFrog.c
index 24f795c..c422e55 100644
--- a/Src/wmFrog.c
+++ b/Src/wmFrog.c
@@ -12,6 +12,7 @@
/*
* Includes
*/
+#define _XOPEN_SOURCE 500 /* For strdup(3) */
#include <signal.h>
#include <stdio.h>
#include <math.h>
@@ -74,7 +75,7 @@ int NeedsUpdate = 1;
int maxWind = MAX_WIND;
int timeOffset = TIME_OFFSET;
long UpdateDelay;
-char* folder;
+char* folder = NULL;
int needsUpdate = 1;
/*
@@ -91,7 +92,9 @@ int main(int argc, char *argv[]) {
*/
ParseCMDLine(argc, argv);
- folder = GetTempDir(".wmapps");
+ if (NULL == folder) {
+ folder = GetTempDir(".wmapps");
+ }
initXwindow(argc, argv);
@@ -343,7 +346,11 @@ void ParseCMDLine(int argc, char *argv[]) {
print_usage();
exit(-1);
}
- strcpy(folder, argv[++i]);
+ folder = strdup(argv[++i]);
+ if (NULL == folder) {
+ fprintf(stderr, "Not enough memory to copy -tmp argument.\n");
+ exit(-1);
+ }
} else if ((!strcmp(argv[i], "-station")) || (!strcmp(argv[i], "-s"))) {
@@ -352,6 +359,10 @@ void ParseCMDLine(int argc, char *argv[]) {
print_usage();
exit(-1);
}
+ if (strlen(argv[i + 1]) >= sizeof(StationID)/sizeof(*StationID) - 1) {
+ fprintf(stderr, "METAR station ID is too long.\n");
+ exit(-1);
+ }
strcpy(StationID, StringToUpper(argv[++i]));
strcpy(Label, StationID);
} else if (!strcmp(argv[i], "-delay")) {
@@ -377,6 +388,10 @@ void ParseCMDLine(int argc, char *argv[]) {
print_usage();
exit(-1);
}
+ if (strlen(argv[i + 1]) >= sizeof(Label)/sizeof(*Label) - 1) {
+ fprintf(stderr, "Station label is too long.\n");
+ exit(-1);
+ }
strcpy(Label, StringToUpper(argv[++i]));
}
}
@@ -454,7 +469,8 @@ double UT;
// Will be called at regular interval to update the weather data (alarm)
void UpdateData() {
- char command[1024], Line[512], FileName[128];
+ char *command, Line[512], *FileName;
+ const char weatherPlScript[] = "/usr/lib/wmfrog/weather.pl";
int ign;
char* igns;
igns = (char*) malloc(512);
@@ -492,13 +508,29 @@ void UpdateData() {
/*
* Execute Perl script to grab the Latest METAR Report
*/
- snprintf(command, 1024, "/usr/lib/wmfrog/weather.pl %s %s", StationID, folder);
- //printf("Retrieveing data\n");
- ign = system(command);
- snprintf(FileName, 128, "%s/%s", folder, StationID);
- //fprintf(stderr,"%s\n\n",FileName);
+ command = malloc(strlen(weatherPlScript) + 1 + strlen(StationID) + 1
+ + strlen(folder) + 1);
+ if (NULL == command) {
+ fprintf(stderr, "Not enough memory to build wheater.pl command.\n");
+ } else {
+ sprintf(command, "%s %s %s", weatherPlScript, StationID, folder);
+ //printf("Retrieveing data\n");
+ ign = system(command);
+ free(command);
+ }
+
+ FileName = malloc(strlen(folder) + 1 + strlen(StationID) + 1);
+ if (NULL == FileName) {
+ fprintf(stderr, "Not enough memory to build staion ID file name.\n");
+ fp = NULL;
+ } else {
+ sprintf(FileName, "%s/%s", folder, StationID);
+ //fprintf(stderr,"%s\n\n",FileName);
+ fp = fopen(FileName, "r");
+ free(FileName);
+ }
- if ((fp = fopen(FileName, "r")) != NULL) {
+ if (fp != NULL) {
ign = fscanf(fp, "Hour:%d", &weather.hour);
igns = fgets(Line, 512, fp); //h
ign = fscanf(fp, "Minute:%d", &weather.min);
@@ -620,11 +652,21 @@ void UpdateData() {
char *GetTempDir(char *suffix) {
uid_t id;
struct passwd *userEntry;
- static char userHome[128];
+ char *userHome;
id = getuid();
userEntry = getpwuid(id);
- snprintf(userHome, 128, "%s/%s", userEntry->pw_dir, suffix);
+ if (NULL == userEntry) {
+ perror("Could not retrieve user's passwd entry");
+ exit(-1);
+ }
+
+ userHome = malloc(strlen(userEntry->pw_dir) + 1 + strlen(suffix) + 1);
+ if (NULL == userHome) {
+ fprintf(stderr, "Not enough memory for building temporary path.\n");
+ exit(-1);
+ }
+ sprintf(userHome, "%s/%s", userEntry->pw_dir, suffix);
return userHome;
}
--
2.7.4